Forum Discussion

Expert

4 months ago

Windows Least Privilege and polling (WinServer)

Regarding the Dec 31 Windows Least Privilege nightmare fuel (I know the page claims it wont be strictly enforced) I started testing the script. I've just run it on one collector right now, and it see...

Cole_McDonald

Professor

19 days ago

Anything that access the Security event logs from a remote machine will fail... there is a registry permission that needs to be granted for the user:

$domainName = (get-wmiobject win32_computersystem).domain
$userName = "LM_ServiceAccount_Name"
$regPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security"
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("$DomainName\$UserName","ReadKey","Allow")

$acl = Get-Acl $regPath
$acl.SetAccessRule($rule)
$acl | Set-Acl -Path $regPath

Forum Discussion

Windows Least Privilege and polling (WinServer)

Related Content

Least Privilege's script to set permissions on Services for Non Admin account.

Least Privilege not showing full list of Windows Services

Windows ProcessMonitoring

Event Sources SNMP and Windows collectors?

Windows service datasource error

Recent Discussions

CIM vs. WMI as native 'Source type

Halo PSA - Integration

Docker Container Dynamic Groups by type.

Removal of Graphs In Alert Emails

Instance discovery time